The UK financial sector’s reliance on technology and big name firms is being addressed by the Bank of England, Financial Conduct Authority (FCA), and the Prudential Regulation Authority (PRA).

They all proposed rules to regulate the heavy reliance of financial firms on external technology companies for their critical business operations.

The UK regulators said big name tech firms “supply an array of services to firms and FMIs (financial market infrastructure entities), providing benefits, including greater operational resilience and innovation. However, if they are disrupted or fail, there are potential risks to UK financial stability.”

City of London.
Image credit, Financial Conduct Authority

Regulatory proposals

All three agencies say that managing these risks fully is beyond the ability of any individual firm or FMI, and requires an appropriate level of direct regulatory oversight.

These proposals are designed therefore to complement but not clash with the responsibilities of individual firms and FMIs relating to operational resilience and third-party risk management.

“Financial market infrastructure firms are becoming increasingly dependent on third-party technology providers for services that could impact UK financial stability if they were to fail or be disrupted,” said Sarah Breeden, Deputy Governor for Financial Stability.

“The proposals in this consultation paper (CP) build on last year’s discussion paper to enable the Bank of England, in co-ordination with the PRA and the FCA, to manage these systemic risks, while enabling UK FMIs also to benefit from using such providers,” said Breeden.

“Well managed outsourcing can bring efficiencies, accelerate innovation and boost operational resilience,” added Nikhil Rathi, chief executive of the FCA. “With a concentration of third parties serving multiple clients in financial services, there is, however, a risk of major impact if they are disrupted or fail.”

“We believe these proposals will improve the resilience of the critical third-party services that financial firms and their customers depend on, support market integrity and enhance UK competitiveness and growth,” said Rathi.

The minimum resilience standards require a third party tech firm to identify all services it provides to a financial firm, assess risks to its services and implement appropriate controls, undertake regular testing and have a mechanism for handling failures.

In addition, the proposals include:

  • A set of fundamental rules that would apply to all the services CTPs (critical third parties) provide to UK firms and FMIs, and act as a general statement of their obligations under the proposed regime;
  • A set of more granular operational risk and resilience requirements, to apply only to CTPs’ material services to firms and FMIs, such as requirements on technology and cyber resilience, as well as on supply chain risk, change and incident management;
  • Requirements for CTPs to provide certain information and assurance to the regulators, including submitting an annual self-assessment, and conducting regular testing of their ability to provide material services in severe but plausible disruption (‘scenario testing’);
  • Requirements for CTPs to notify the regulators, the firms and FMIs they provide services to, of specific disruptions which may adversely impact the services provided.

CTPs such as AWS, Microsoft, Google etc, will not be authorised or overseen by the regulators, but the third-party services they provide will be overseen against these proposals, once finalised.

Feedback on the proposals will be gathered until 15 March 2024, and the regulators will publish their final requirements and expectations in the second half of next year.

AI risk assessment

Meanwhile the Associated Press has reported that the Bank of England, in its half-yearly Financial Stability Review, said it will make an assessment next year about the risks posed by artificial intelligence and machine learning.

“We obviously have to go into AI with our eyes open,” bank Governor Andrew Bailey was quoted by AP as saying at a press briefing.

“It is something that I think we have to embrace, it is very important and has potentially profound implications for economic growth, productivity and how economies are shaped going forward.”

“The moral of the story is if you’re a firm using AI, you have to understand the tool you are using, that is the critical thing,” Bailey reportedly said.

Bailey also reportedly admitted he is “palpably not” an expert on AI, and said the new technologies have “tremendous potential” and are not simply “a bag of risks.”

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

US Probe Of Waymo Uncovers More Incidents – Report

NHTSA says its investigation of Waymo self-driving vehicles has uncovered more incidents that raise concerns

23 hours ago

Fake Accounts Proliferating On X, Study Warns

Ahead of US presidential election, fake accounts supporting Donald Trump are proliferating on Elon Musk's…

24 hours ago

Mike Lynch Defends Himself At HP-Autonomy Trial In US

British founder of Autonomy defends himself in San Francisco federal courthouse against criminal fraud charges

1 day ago

Elon Musk Disagrees With US Tariffs On Chinese EVs

Tesla's Elon Musk confirms opposition to the Biden Administration's implementation of 100 percent tariffs on…

2 days ago

Former Cybersecurity Boss Warns UK Not Heeding China Threat

Ciaran Martin, ex-chief executive of the National Cyber Security Centre, explains growing cyber threat posed…

2 days ago

YouTube Threatens To Block Russian Protest Group’s Anti-War Content

YouTube threatens to pull anti-war content from Russian rights group, after complaint from Putin regime's…

2 days ago